Rule-based JavaScript security testing method

A detection method and security technology, applicable to computer security devices, platform integrity maintenance, instruments, etc., that addresses the high false detection rate, low detection efficiency, and high missed detection rate of mixed-method detection.

Active Publication Date: 2016-10-26
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0009] The technical problem to be solved by the present invention is to overcome the shortcomings of the prior art, such as the high missed detection rate caused by

Examples


Embodiment Construction

[0038] The present invention will be described in further detail below in conjunction with the accompanying drawings. The method detects and gives feedback on the security of the JavaScript code in a website, in order to discover security issues including non-standard JavaScript coding and malicious code used in cross-site scripting attacks.

[0039] In order to achieve the above object, the present invention first uses the DLint tool to dynamically discover non-standard JavaScript coding, and then uses the open-source static code specification detection tool ESLint to detect the branch part of the source code. It then uses a static analysis method which, according to the characteristics of the JavaScript page and a set threshold, filters out the pages whose source code may contain malicious cross-site scripting code. Finally, it uses the Jalangi framework to perform dynamic instrumentation on the filtered pages for taint analysis, to determine whether the filtered pages contain cross-s...
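The static pre-filter step described above, as an added example that is not code from the patent: script text is scored against weighted page features, and only pages at or above a threshold are passed on to the dynamic taint-analysis stage. The feature list, weights, threshold value, function names and sample pages are all assumptions for illustration; the page does not specify them.

```javascript
// Assumed features and weights (not from the patent): constructs that commonly
// appear on the path from a URL-controlled source to an HTML/JS sink.
const FEATURES = [
  { name: "eval-call", weight: 3, re: /\beval\s*\(/g },
  { name: "document.write", weight: 2, re: /\bdocument\.write(ln)?\s*\(/g },
  { name: "innerHTML-assign", weight: 2, re: /\.(inner|outer)HTML\s*=/g },
  { name: "url-source", weight: 2,
    re: /\b(location\.(hash|search|href)|document\.(URL|referrer|cookie))\b/g },
  { name: "decode-helper", weight: 1,
    re: /\b(unescape|decodeURIComponent|atob)\s*\(|String\.fromCharCode/g },
  { name: "string-timer", weight: 2, re: /\bset(Timeout|Interval)\s*\(\s*["'`]/g },
];
const THRESHOLD = 5; // assumed value; tune against known-good pages

// Collect the JavaScript a page carries: <script> bodies plus inline on* handlers.
function extractScripts(html) {
  const parts = [];
  let m;
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  while ((m = scriptRe.exec(html)) !== null) parts.push(m[1]);
  const handlerRe = /\son\w+\s*=\s*(["'])([\s\S]*?)\1/gi;
  while ((m = handlerRe.exec(html)) !== null) parts.push(m[2]);
  return parts.join("\n");
}

// Score one page: sum of (occurrences x weight) over all features.
function scorePage(html) {
  const js = extractScripts(html);
  const hits = {};
  let score = 0;
  for (const f of FEATURES) {
    const n = (js.match(f.re) || []).length;
    if (n > 0) { hits[f.name] = n; score += n * f.weight; }
  }
  return { score, hits, suspect: score >= THRESHOLD };
}

// Only suspect pages are handed to the (expensive) dynamic instrumentation stage.
function selectForDynamicAnalysis(pages) {
  return pages.filter((p) => scorePage(p.html).suspect).map((p) => p.url);
}

// Constructed sample pages.
const PAGES = [
  { url: "/static.html", html: "<script>var n = 1 + 2; console.log(n);</script>" },
  { url: "/greet.html", html: '<script>var q = decodeURIComponent(location.search);' +
      ' document.write("Hi " + q);</script>' },
  { url: "/widget.html", html: '<div onclick="this.innerHTML = \'ok\'">x</div>' },
];
console.log(selectForDynamicAnalysis(PAGES));
```

A score below the threshold only means the page is skipped by this stage; lowering the threshold trades analysis time for fewer missed pages.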


Abstract

The invention discloses a rule-based JavaScript security testing method. A program analysis method that combines static analysis and dynamic analysis is used to test the security of the JavaScript code in a website and give feedback, thereby finding security problems that include non-standard JavaScript coding and malicious cross-site scripting code. The method comprises the steps of dynamically finding non-standard JavaScript coding by means of the DLint tool; then testing the branch parts of the source code by means of the open-source static code specification testing tool ESLint; then, using a static analysis method, filtering out the pages whose source code may contain malicious cross-site scripting code according to JavaScript page characteristics and a preset threshold; and then performing dynamic instrumentation on the filtered pages by means of the Jalangi framework for taint analysis, thereby determining whether the filtered pages contain a cross-site scripting attack. The rule-based JavaScript security testing method effectively improves testing efficiency for coding standards and malicious code while reducing the miss rate.

Description

Technical field

[0001] The invention relates to the field of detection or processing of computer malicious software, in particular to a rule-based JavaScript security detection method.

Background art

[0002] With the development of Web 2.0 technology, the development of applications using JavaScript continues to accelerate. JavaScript is a web scripting language that has been widely used in web application development. It is often used to add various dynamic functions to web pages to provide users with smoother and more attractive browsing. JavaScript scripts usually realize their functions by being embedded in HTML.

[0003] JavaScript is favored because of its dynamic interaction capability and good performance on various browsers, but at the same time it brings more and more security problems.

[0004] Due to its loose coding organization, JavaScript code is often written in a non-standard way, which allows malicious attackers ...


Application Information

IPC(8): G06F21/56
CPC: G06F21/562, G06F21/566
Inventor: 张卫丰, 赵晨, 张迎周, 周国强, 王子元
Owner: NANJING UNIV OF POSTS & TELECOMM